def _get_keystone_auth(self, context):
if context.__class__.__name__ is 'KeystonePassword':
return identity.Password(
auth_url=self._auth_url,
username=context.username,
password=context.password,
user_id=context.user_id,
user_domain_id=context.user_domain_id,
user_domain_name=context.user_domain_name,
trust_id=context.trust_id,
domain_id=context.domain_id,
domain_name=context.domain_name,
project_id=context.project_id,
project_name=context.project_name,
project_domain_id=context.project_domain_id,
project_domain_name=context.project_domain_name,
reauthenticate=context.reauthenticate)
elif context.__class__.__name__ is 'KeystoneToken':
return identity.Token(
auth_url=self._auth_url,
token=context.token,
trust_id=context.trust_id,
domain_id=context.domain_id,
domain_name=context.domain_name,
project_id=context.project_id,
project_name=context.project_name,
project_domain_id=context.project_domain_id,
project_domain_name=context.project_domain_name,
reauthenticate=context.reauthenticate)
# this will be kept for oslo.context compatibility until
# projects begin to use utils.credential_factory
elif (context.__class__.__name__ is 'RequestContext'
or context.__class__.__name__ is 'Context'):
return identity.Token(auth_url=self._auth_url,
token=context.auth_token,
project_id=context.tenant)
else:
msg = _("context must be of type KeystonePassword, "
"KeystoneToken, RequestContext, or Context, got type "
"%s") % context.__class__.__name__
LOG.error(msg)
raise exception.Forbidden(reason=msg)
def _get_barbican_client(self, context):
"""Creates a client to connect to the Barbican service.
:param context: the user context for authentication
:return: a Barbican Client object
:raises Forbidden: if the context is empty
:raises KeyManagerError: if context is missing tenant or tenant is
None or error occurs while creating client
"""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
LOG.error(msg)
raise exception.Forbidden(msg)
if self._barbican_client and self._current_context == context:
return self._barbican_client
try:
auth = self._get_keystone_auth(context)
sess = session.Session(auth=auth)
self._barbican_endpoint = self._get_barbican_endpoint(auth, sess)
if self._barbican_endpoint[-1] != '/':
self._barbican_endpoint += '/'
self._barbican_client = barbican_client.Client(
session=sess, endpoint=self._barbican_endpoint)
self._current_context = context
except Exception as e:
LOG.error("Error creating Barbican client: %s", e)
raise exception.KeyManagerError(reason=e)
self._base_url = self._create_base_url(auth, sess,
self._barbican_endpoint)
return self._barbican_client